A modern organization typically maintains a data storage system to store and deliver sensitive information concerning various significant business aspects of the organization. Sensitive information may include data on customers (or patients), contracts, deliveries, supplies, employees, manufacturing, or the like. In addition, sensitive information may include intellectual property (IP) of an organization such as software code developed by employees of the organization, documents describing inventions conceived by employees of the organization, etc.
Organizations take lot of efforts to install DLP components, especially on important machines where confidential data is getting generated, but they may not be able to protect each computer in the enterprise, due to reasons like large number of different platforms or operating systems (OS), machine outages, quick and dynamic provisioning of virtual machines, no clear and individual accounting for test and lab machines. DLP technologies apply configurable rules to identify objects, such as files, that contain sensitive data and should not be found outside of a particular enterprise or specific set of host computers or storage devices. Even when these technologies are deployed, it is possible for sensitive objects to ‘leak’. Occasionally, leakage is deliberate and malicious, but often it is accidental too. For example, in today's global marketplace environment, a user of a computing system transmits data, knowingly or unknowingly, to a growing number of entities outside a computer network of an organization or enterprise. Previously, the number of entities were very limited, and within a very safe environment. For example, each person in an enterprise would just have a single desktop computer, and a limited number of software applications installed on the computer with predictable behavior. More recently, communications between entities may be complex and difficult for a human to monitor.
A very simple way that data losses can happen in a company is that people may print data on a network-based printer. Network-based printing, also referred to as cloud based printing, enables any application to print data, such as a document, by sending the data to any cloud-connected printer. Any user in an enterprise can easily print any document to remote printer, bypassing current security and auditing systems. Browsers may have built-in support for these network-based printers, such as the Chrome® browser and the Google® Cloud Print (GCP) service. GCP service is a web service, offered by Google of Mountain View, Calif., that enables any application (web, mobile, desktop) on any device to print any cloud-connected printer. Users associate printers with their Google Account. Printers are treated in much the same way as documents are in Google Docs: it is very easy to share printers with your coworkers, friends, and family anywhere in the world. In addition to associating printers with a user's Google Account, GCP also stores the capabilities of each particular printer model so that the appropriate printer options can be shown to the user when submitting a print job. Once the service receives a print job, it sends it to the printer. The service also receives regular updates on the status of the print job from the printer and makes this status available to the application. Any type of application can use Google Cloud Print, including web apps (such as Gmail and certain third-party apps) and native apps (such as a desktop word processor or an Android/iOS device). These apps call Google Cloud Print APIs. They can use these APIs to collect the necessary data to show their own user interface for custom print options or simply use the common print dialog that Google Cloud Print provides. There are also APIs for querying print job status. Google Cloud Print is now integrated with the mobile Gmail® service and mobile Google® Docs service, and third-party app developers can use the Google® Cloud Print service in their web, desktop, and mobile applications as well.